[scponly] how does scponly determine the writeable, incoming directory ?

Paul Hyder Paul.Hyder at noaa.gov
Thu Jan 26 12:07:34 EST 2006


The default setup_chroot.sh creates a new user with an individual
jailed home directory that contains a writeable directory named
"incoming".  It is configured to chroot into the unwriteable
home directory.  The document you are citing is discussion for
"Building scponly jail configurations manually".

And the actual answer to this discussion is that the setup-chroot.sh
process is just a starting point.

If you want to help out by writing additional code for the build_extras
directory or submitting specific additions/fixes for setup_chroot.sh the
community would benefit.
    Paul Hyder
    NOAA Earth System Research Laboratory, Global Systems Division

Ensel Sharon wrote:
> I ran setup-chroot.sh successfully, and further, I read through it line by
> line to understand what it was doing.
> 
> But I do not see where it sets the writeable, incoming directory to chroot
> into when the user logs in.
> 
> Here is where it creates the writeable incoming directory:
> 
> 
> if [ ! -d $targetdir/$writeabledir ]; then
>         echo -e "\ncreating  $targetdir/$writeabledir directory for uploading files"
>         $INSTALL_PATHNAME -o $targetuser -d $targetdir/$writeabledir
> 
> 
> So it is creating $targetdir/$writeabledir - makes sense.
> 
> And here is where it populates the password database _inside of_ the
> chroot:
> 
> 
>         else
>         #
>         #       this is for systems which do have pwd_mkdb            
>         #
>                 /usr/bin/grep $targetuser /etc/master.passwd > $targetdir/etc/master.passwd
>                 /usr/sbin/pwd_mkdb -d "$targetdir/etc" $targetdir/etc/master.passwd
>                 /bin/rm -rf $targetdir/etc/master.passwd $targetdir/etc/spwd.db
>         fi
> 
> 
> But it is getting the information out of /etc/passwd - and /etc/passwd has
> just the home directory - it does not have the $targetdir/$writeabledir
> ... I do not see anywhere in setup-chroot.sh that the
> $targetdir/$writeabledir is done anything with.  It is just created and
> that's it.
> 
> Where and how does setup-chroot.sh tell scponlyc that
> $targetdir/$writeabledir is where to chroot the user into ?  The
> BUILDING-JAILS file says to:
> 
>    The top level /etc/password file is modified for each scponly user,  
>    you insert the chrooted path in front of the existing path (With
>    a // at the chroot point) and the shell set to your scponlyc location.
>                                           
>    Original /etc/passwd line
>      auser:x:3444:3000:A user:/home/auser:/bin/csh
>    Modified /etc/passwd line 
>      auser:x:3444:3000:A user:/{altroot}//home/EmptyHomeDir:/sbin/scponlyc
> 
>      Where {altroot} is your chosen chroot point for this user,          
>      EmptyHomeDir is the chrooted home directory name, and scponlyc is
>      the path your installed version.
> 
> But the setup-chroot.sh does not do that, as far as I can see.
> 
> Help ?
> 
> 
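
The `//` chroot marker from the BUILDING-JAILS text quoted above, and the unwriteable jail root described in the reply, as an added example that is not part of the original thread or of scponly's own code. The function names are hypothetical, a home field without `//` is assumed to be the jail root itself (as the reply describes for the default setup), and the check looks only at mode bits and numeric owner and group.

```shell
#!/bin/sh
# Added example (hypothetical helper names), not code from scponly.

# jail_root HOME: chroot point = text before the first "//"; with no "//"
# the whole home directory is taken as the jail (assumption from the reply).
jail_root() {
    case "$1" in
        *//*) printf '%s\n' "${1%%//*}" ;;
        *)    printf '%s\n' "$1" ;;
    esac
}

# jail_home HOME: the home directory as seen from inside the jail.
jail_home() {
    case "$1" in
        *//*) printf '/%s\n' "${1#*//}" ;;
        *)    printf '/\n' ;;
    esac
}

# check_root UID GID DIR: "writable" if DIR's mode bits let that uid/gid
# (or everyone) write to it, "ok" if not, "missing" if DIR does not exist.
check_root() {
    [ -d "$3" ] || { echo missing; return; }
    ls -ldn "$3" | awk -v u="$1" -v g="$2" '{
        m = $1
        if ((substr(m, 3, 1) == "w" && $3 == u) ||
            (substr(m, 6, 1) == "w" && $4 == g) ||
             substr(m, 9, 1) == "w") print "writable"; else print "ok" }'
}

# audit_passwd: reads passwd-format lines on stdin and prints one report
# line for every account whose login shell is scponlyc.
audit_passwd() {
    while IFS=: read -r user _pw uid gid _gecos home shell; do
        case "$shell" in */scponlyc) ;; *) continue ;; esac
        root=$(jail_root "$home")
        echo "$user root=$root home=$(jail_home "$home") $(check_root "$uid" "$gid" "$root")"
    done
}

# Constructed sample input; the first line is the modified entry quoted above.
audit_passwd <<'EOF'
auser:x:3444:3000:A user:/{altroot}//home/EmptyHomeDir:/sbin/scponlyc
buser:x:3445:3000:B user:/home/buser:/bin/csh
EOF
```

On a real system, feed it `/etc/passwd` on stdin; any line reported as `writable` means the account can modify its own jail root.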



